Foxtrot. Proxy, let's dance.

Presented at THOTCON 0x9 (2018), May 4, 2018, 1:30 p.m. (25 minutes)

Execution of an offensive payload may begin with a safe delivery of the payload to the endpoint itself. When most secure connections in the enterprise are inspected, reliance on transmission-level security may not be enough to accomplish that goal. Foxtrot C2 serves one goal: safe delivery of payloads and commands between the external network and the internal point of presence, traversing intercepting proxies, with end-to-end application-level encryption. While the idea of end-to-end application encryption is certainly not new, the exact mechanism of Foxtrot's delivery implementation has advantages for Red Teams, as it relies on a well-known third-party site that enjoys an elevated reputation ranking and above-average domain fronting features. Payload delivery involves several OpSec defenses: sensible protection from direct attribution, and active link expiration to counter interception, tracking and replay by defenders. And if your standalone Foxtrot agent is caught, the delivery mechanism may live on: you could still manually bring the agent back into the environment via the browser.


Presenters:

  • Dimitry Snezhkov / Op_Nomad as D. Snezhkov
    Dimitry Snezhkov, X-Force Red @IBM. Offensive security testing, code hacking and tool building.
